The phone rings, you answer, and someone says they are from Microsoft
or your Internet provider and have detected a virus on your PC. What
next?
Well, it depends on how much time you have on your hands and
your sense of humour, but before we get to that let's just explain what
is going on here.
I've been plagued with these calls, often once
or twice a week. Someone, usually with a heavy Indian accent, calls and
reports that they are calling from 'Microsoft Security Centre', stating
that they have 'detected viruses on my machine over the internet'.
Myth buster number one: This
is not possible! Firstly, Microsoft never phones people to tell them
that their PC is infected (assuming it actually is). Secondly, how would
a company get your phone number based on your PC?
I had one such
call recently and had a bit of time so I thought I'd a) waste their time
so that they weren't conning some unsuspecting old lady, and b) find
out exactly what they were doing in order to 'prove' to people that
there were problems with their PCs. I had what is known as a 'virtual
machine' installed - this is like Windows running as an app in Windows.
It is totally ring-fenced, and to the outside world they could not tell
any difference. By letting them run in a sand-boxed system I knew that
my main system was completely safe.
Step 1 - they gain access to your PC
After you've admitted that you have a PC they'll start saying things like
'have you noticed it going slow recently'. Let's face it, all Windows
PCs get slower over time, especially without a little bit of
house-keeping, and they are never as fast as we want them to be. They
will then ask you to go to a website and run an app. This part is
actually legitimate as they are using a third party product that allows
for remote support. You run an app, it displays a set of numbers which
you then read out to the person on the phone, and they enter it into the
software at their end - they can then see your desktop and control your
keyboard/mouse as if they were in front of the PC. Note that at this
stage your PC is not infected with anything - you've simply allowed
remote control so that they can prove that your PC is compromised.
Step 2 - the convincer
Now they have to prove to you that there is a problem. The person that connected to me did two things:
a. They ran the Windows Event Viewer. This is an app installed on all
versions of Windows that logs any errors that happen on the system. Note
that an error to Windows is not always what we would consider an error.
For example, when Windows boots up it'll check to see what printers are
available. If you have a printer driver installed but the printer is
switched off, that will log an error. So our friendly 'Microsoft
Technician' told me to go into the Event Viewer and proceeded to show me
all of the errors on my PC. He told me on no account to click on any of
the line items as he said that this would damage things further. In
reality he was concerned that I would read the error log and see that it
was telling me that my printer was not switched on...
b. Next he opened a DOS window by running 'CMD' from the Start/Run option. He typed
TREE /S, which is a simple command that shows every single file and
folder on the PC. As you can imagine on even a fresh install of Windows
there are tens of thousands of files, so this takes a few seconds as
they go whizzing up the screen. And while that is going on he's typing
something in the background which is only displayed once the computer
has finished listing all of the files and folders. So at the end of this
I could see 'System Error: Antivirus software disabled'. Of course,
this was not actually the case!
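To read what the Event Viewer entries from step 2a actually say, rather than taking a caller's word for it, the following PowerShell is an added example (not part of the original post) that lists the most frequent Error and Warning events from the System and Application logs with the first line of each message. The seven-day window and the top-15 cut-off are assumptions chosen for illustration.

```powershell
# Added example: summarise recent Error/Warning events so the entries can be
# read rather than just counted. Read-only; it changes nothing on the system.
$since = (Get-Date).AddDays(-7)     # assumed look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System', 'Application'
    Level     = 2, 3                # 2 = Error, 3 = Warning
    StartTime = $since
} -ErrorAction SilentlyContinue     # "no matching events" is not a failure

$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 |       # assumed cut-off: the 15 most frequent
    ForEach-Object {
        # Most recent occurrence of this source/event-ID pair
        $latest = $_.Group |
            Sort-Object TimeCreated -Descending |
            Select-Object -First 1

        # The first line of the message is usually enough to see the cause
        $summary = if ($latest.Message) {
            ($latest.Message -split "`r?`n")[0]
        } else {
            '(no message text)'
        }

        [pscustomobject]@{
            Count    = $_.Count
            Source   = $latest.ProviderName
            EventId  = $latest.Id
            Level    = $latest.LevelDisplayName
            LastSeen = $latest.TimeCreated
            Summary  = $summary
        }
    } |
    Format-Table -AutoSize -Wrap
```

On a healthy machine the table is typically dominated by routine sources such as services that timed out at start-up or devices that were not connected, which is the kind of entry the post describes.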